RedHatRHSA-2013:1282(RHSA-2013:1282) Important: rtkit security update
EPSS
Percentile
5.1%
RealtimeKit is a D-Bus system service that changes the scheduling policy of
user processes/threads to SCHED_RR (that is, realtime scheduling mode) on
request. It is intended to be used as a secure mechanism to allow real-time
scheduling to be used by normal user processes.
It was found that RealtimeKit communicated with PolicyKit for authorization
using a D-Bus API that is vulnerable to a race condition. This could have
led to intended PolicyKit authorizations being bypassed. This update
modifies RealtimeKit to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2013-4326)
All rtkit users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 6 | s390x | rtkit | < 0.5-2.el6_4 | rtkit-0.5-2.el6_4.s390x.rpm |
| RedHat | 6 | src | rtkit | < 0.5-2.el6_4 | rtkit-0.5-2.el6_4.src.rpm |
| RedHat | 6 | i686 | rtkit-debuginfo | < 0.5-2.el6_4 | rtkit-debuginfo-0.5-2.el6_4.i686.rpm |
| RedHat | 6 | x86_64 | rtkit | < 0.5-2.el6_4 | rtkit-0.5-2.el6_4.x86_64.rpm |
| RedHat | 6 | ppc64 | rtkit | < 0.5-2.el6_4 | rtkit-0.5-2.el6_4.ppc64.rpm |
| RedHat | 6 | s390x | rtkit-debuginfo | < 0.5-2.el6_4 | rtkit-debuginfo-0.5-2.el6_4.s390x.rpm |
| RedHat | 6 | x86_64 | rtkit-debuginfo | < 0.5-2.el6_4 | rtkit-debuginfo-0.5-2.el6_4.x86_64.rpm |
| RedHat | 6 | i686 | rtkit | < 0.5-2.el6_4 | rtkit-0.5-2.el6_4.i686.rpm |
| RedHat | 6 | ppc64 | rtkit-debuginfo | < 0.5-2.el6_4 | rtkit-debuginfo-0.5-2.el6_4.ppc64.rpm |
Related
